IBM Advocates for Confidential Computing Security Standard

IBM and others are advocating the adoption of Confidential Computing, a standard that they state will provide deeper levels of security and privacy in the cloud. With encryption that can only be unlocked by keys held by the client, Confidential Computing guarantees that the company hosting data and applications can’t access the underlying data, regardless of whether it is stored in a database or passing through an application. That prevents hackers from accessing encrypted data when it moves to the application layer.

VentureBeat reports that IBM chief technology officer Hillery Hunter stated Confidential Computing will “unlock the next generation of cloud adoption.” “There’s a second generation of cloud workload considerations that are more at the core of these businesses that relate to more sensitive data,” she said. “That’s where security needs to be considered upfront in the overall design.”

IBM has actually been building products based on Confidential Computing principles “for several years now.” In its report on the “Hype Cycle for Cloud Security,” Gartner listed Confidential Computing as “one of key 33 security technologies.” Gartner also said that even when companies acknowledge the benefits of the cloud, security concerns are their top reason for avoiding it.

Confidential Computing also would “theoretically allow companies to share data, even between competitors, in order to perform security checks on customers and weed out fraud.” In December 2019, the Linux Foundation launched the open-source Confidential Computing Consortium to bring together “hardware vendors, developers and cloud hosts.”

Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft and Red Hat were founding companies. Gartner predicted, however, that it will take between five and 10 years for the standard to become commonplace, in part because implementing it isn’t easy.

At IBM, LinuxONE chief technology officer Marcel Mitran noted the need to better protect “every layer of cloud computing … if customers were going to put the bulk of their mission-critical data online.” “You have this gentleman’s agreement with the cloud provider that they can host your sensitive data in the cloud and they promise not to touch it, they promise not to look at it, and they promise not to do bad things with it,” he explained. “But the reality is that at the end of the day, a promise is only a promise. There are bad actors out there. People make mistakes.”

In 2018, IBM began “investing in more Confidential Cloud services, releasing its Cloud Hyper Protect Services and IBM Cloud Data Shield.” “These services really aim to solve the end-to-end needs of posting a cloud application or a cloud-based solution in a public cloud while maintaining confidentiality,” Mitran said. “We can offer guarantees that at no point in time can the cloud host scrape the memory of those applications, and we can technically prove that our virtual server offering guarantees that level of privacy and security.”

IBM now also offers IBM Cloud for Financial Services, which relies on Hyper Protect, and was adopted by Bank of America. IBM also inked a deal with Apple to provide a Hyper Protect iOS SDK for its CareKit.